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Claims 




1. A device for communicating with other devices to allow them to access 
applications, comprising: 
at least a first appl ication; 

authentication me<ans for authenticating a communicating device; 
access control rreans accessible by a communicating device requesting 
access to the first application without the communicating device having been 
authenticated by tie authentication means, and arranged to arbitrate whether 
access of the communicating device to the first application is granted or 
refused wherein if the arbitration requires an authentication of the 
communicating device, the access control means instructs the authentication 
means to authenticate the communicating device. 

2. A device as claimed in claim 1 wherein the access control means is 
arranged to store security indications in association with accessible 
applications, where in the stored security indication associated with the first 
application is indicative of whether authentication of the communicating 
device is or is not required during arbitration. 

3. A device as claimed in claim 1 further comprising a user interface for 
authorising access to an application during arbitration, the access control 
means being arranged to store security indications in association with 
accessible applications, wherein the stored security indication associated with 
the first application lis indicative of whether user authorisation of the 
communicating devicelis or is not required during arbitration. 



4. A device as claimed in claim 2 wherein the stored security indication 
associated with the firsf application is indicative of whether authentication of 



23 

the communicating ddvice is or is not required during arbitration, in 
independence of the identity of the communicating device. 
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15 



5. A device as claimed n claim 3 wherein the access control means is further 
arranged to store trust indications in association with devices, and wherein the 
stored security indication associated with the first application is indicative of 
whether user authorisation of the communicating device is or is not required 
during arbitration in dependence upon any stored trust indication associated 
with the communicating device. 

6. A device as claimeld in claim 1 further comprising a user interface for 
authorising access to Ian application during arbitration, the access control 
means being arranged to store trust indications in association with devices, 
wherein if there is a stared trust indication associated with the communicating 
device then no user authorisation is required. 
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7. A device as claimed in claim 6 wherein the access control means receives 
indications originating from communicating device identifying the 
communicating device] 

8. A device as claimed in claim 1 further comprising a user interface for 
authorising access td an application during arbitration, the access control 
means being arrangep to store trust indications in association with devices 
and to store security indications in association with accessible applications, 
wherein if there is a stored trust indication associated with the communicating 
device then no user authorisation is required and if there is no trust indication 



associated with tljfe 
dependence on the s 
application. 
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communing device user authorisation is required in 
oreid security indication associated with the requested 



I 

9. A device as claime i in claim 5 wherein the access control means receives 
indications originating from the communicating device identifying the 
communicating device \ and the application requested. 

5 10. A device as claimed in claim 1 having a device database which stores 
trust indications of different devices. 



11. A device as claimed in claim 1 having a service database for storing 
security indications |of the accessible applications. 

10 

12 A device as claimed in claim 1 wherein authentication comprises secret 
key exchange between the device and the communicating device. 

13. A device as claimed in claim 1 wherein the access control means is an/the 
1 5 interface with the first application. 
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14. A device as maimed in claim 1 having a protocol stack comprising a first 
layer and a second higher layer overlying the first layer, with or without, 
intermediary layers, wherein the first lower layer is the authentication means 



20 and the second 



igher layer is part of the access control means. 



15. A device as 
with a security 



claimed in claim 14 wherein the second layer in combination 
rrtanager is the access control means. 



16. A device as 
Protocol Layer 
v0.9 or its equivalent 



claimed in claim 14 wherein the first layer is the Link Manager 
according to the presently proposed Bluetooth specification 
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17. A device as claimed in claim 14 wherein the second layer is not the Link 
Manager Protocol Layer according to the presently proposed Bluetooth 
specification v0.9 or As equivalent. 



18. A device as claimed in claim 1 comprising a plurality of applications and a 
plurality of access control means where each application has an access 
control means connected to it. 



19. A device as claimed in claim 18 wherein the plurality of access control 
10 means are arranged in a hierarchy, wherein a first access control means at 
the lowest level in the hierarchy provides access to at least a second access 
control means and access to one or both of a third access control means and 
an application, wherein access to each application is provided via one or more 
access control means including the first access control means and the 
15 application's connected access control means, if different, and wherein any 
access control means is accessible by a communicating device requesting 
access to one of its connected applications without the communicating device 
having been authenticated by the authentication means, and is arranged to 
arbitrate whether access of the communicating device to the one connected 
20 application is granted or refused, the connected access control means 
instructing the authentication means to authenticate the communicating 
device if the arbitration requires an authentication of the communicating 
device. 
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25 20. A device as 



claimed in claim 14 wherein the or each access control 



means includes c ne of a plurality of different multiplexing protocol layers 



21. A device as 
combination of 



claimed in claim 20 wherein each access control means is the 
the one multiplexing protocol layer and a security manager 



v. 




22. A device as claimled 
particular application 
associated with that 
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in claim 20 or wherein the access control means for a 
is the highest possible multiplexing protocol layer 
>articular application., 



23. A device as claimed in claim 14 wherein a request to access the first 
application proceeds up through the protocol stack to the access control 
means. 



10 



15 



20 



25 



30 



24. A device as cliimed in claim 21 wherein each multiplexing protocol layer, 
in the route of the request as it proceeds up through the protocol stack, 
queries the security manager which, if the requested application is not 
connected to the c uerying protocol layer, allows access of the request through 
the querying protocol [ayer^to a higher multiplexing protocol layer, and, if the 
requested application is connected to the querying protocol layer, performs an 
arbitration to grant or refuse access of the communicating device to the 
requested application. 



25. A device as c 
authentication me 



26. A device as 
and a user interfa 



aimed in claim 15 wherein the security manager controls the 
ans. 



claimed in claim 1 being portable, having a radio transceiver 
ce comprising a display and user input means. 

communicating with other clevices to allow them to access 



27. A device for 
applications, cornDrising: 
at least first and second applications; 
authentication moans for authenticating a communicating device; 
first access control means accessible by a communicating device requesting 
access to the first application without the communicating device having been 
authenticated by^he authentication means, and arranged to arbitrate whether 
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access of the comm 
refused wherein if 
communicating device 
means to authenticate 
second access cont 
requesting access tc 
device having been a 
to arbitrate whether 



jnicating device to the first application is granted or 
the arbitration requires an authentication of the 
, the access control means instructs the authentication 
the communicating device. 

"ol means accessible by a communicating device 
the second application without the communicating 
jthenticated by the authentication means, and arranged 
access of the communicating device to the second 



application is granted or refused wherein if the arbitration requires an 
10 authentication of th 3 communicating device, the access control means 
instructs the authentication means to authenticate the communicating device, 
wherein the first access control means is accessible by a communicating 

access to the second application without the 
communicating device having been authenticated by the authentication 
means, and is arranged to provide the access of the communicating device to 
the second access means. 



28. A method of arbitrating the access of a requesting device to a service 
provided by a providing device comprising: 

sending a request tp access the service from the requesting device to the 
providing device; 

receiving the requfest at the providing device and passing it, without 
authenticating the requesting device, to an arbitration means interfacing the 



service; 

determining, in the 
the first application 



arbitration means, whether to grant or refuse access to 
by the requesting device, wherein if the determination 
requires an authentication of the requesting device, the authentication is 
performed during that determination and not previously. 
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29. A method as claimed in claim 28 wherein the determination is made on 
the basis of the iderpty of service requested and/or the identity of the 
requesting device. 

30. A device for providing services and allowing access by other devices to 
the provided services, comprising: 

an interface fo- communicating with the other devices and receiving 
requests to access a service therefrom; 

arbitration means, for determining whether a requesting device 
communicating throu jh the interface can access a service it has requested 
access to, arranged to store trust indications in association with requesting 
devices and arrange j to receive from the interface an indication, originating 
from the other devico, identifying the other device, wherein, if the requesting 
device has a stored trust indication associated therewith no user authorisation 

the requesting device has no stored trust indication 
user authorisation is requirable; and 



is required and if 
associated therewith 



a user interface for p roviding user authorisation. 

31. A device for providing services and allowing access by other devices to 

20 the provided services, comprising: 

an interface for communicating with the other devices and receiving 
requests to access a service therefrom; 

arbitration means, for determining whether a requesting device 
communicating through the interface can access a service it has requested 

25 access to, arranged to store trust indications in association with requesting 
devices and store security indications in association with provided services 
and arranged to receive from the interface indications, originating from the 
other device, identi ying the other device and the service requested, wherein, 
if the requesting device has a stored trust indication associated therewith no 

30 user authorisation s required and if the requesting device has no stored trust 



indication associ 
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3ted therewith user authorisation is required in dependence 
upon the stored security indication associated with the requested service; 
and a user interface for providing user authorisation. 




